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FIELD OF TECHNOLOGY 

[0001] The present invention relates to a host computer, a mobile communication device, 

a program and a storage medium for the use in an authentication system for supplying 
various kinds of goods and services. 

PRIOR ART 

[0002] At present, the supply of various kinds of products, including services, via 

communications lines, such as the supply of Internet contents and transactions at Internet 
Malls, is rapidly spreading, and the terminals used therein range widely from the personal 
computer to mobile communication devices, to various kinds of home appliances. That is, 
it is quite likely that in future, the majority of electronic equipment, service devices, and 
other equipment will be provided with a function to purchase for-fee products via 
communications lines. 

[0003] Moreover, with increasing popularity of financial services such as credit cards and 

the like, and there are increasingly diverse billing formats, and increased convenience for 
the consumer. These financial services are expected to be combined with mobile 
communication devices, such as mobile phones, to provide even greater levels of 
convenience, while, on the other hand, however, problems such as debit card forgery and 
theft have arisen. 

[0004] The situation described above further increases the importance of authenticating 

customers who have purchased products. Nevertheless, convenience will suffer if 
complicated operations for authentication are required every time the equipment is used. 

[0005] The present invention was invented in view of the above background and it is an 

object thereof is to provide an authentication system and a host computer, a mobile 
communication device, a program and a storage medium for the aforementioned system 
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capable of achieving appropriate authenticating processing while guaranteeing the 
maximum convenience for the user, when various kinds of products and services are 
provided. 

DISCLOSURE OF THE INVENTION 

[0006] In order to achieve the above described object, a host computer as set forth in the 

present invention is characterized in that it comprises: 

a first receiving means for receiving, from a service device, query information that 
requests authentication of the party in question; 

a second transmitting means for transmitting request information that requests 
information regarding the authentication to a mobile communication device in response to 
reception of query information by said first receiving means; 

a second storage means for storing information regarding the authentication of a 
plurality of persons; 

a second receiving means for receiving information regarding authentication from 

aforementioned mobile communication device; 

a comparing means for comparing information regarding the authentication 

received by said second receiving means with information regarding authentication stored 

in aforementioned second storage means; and 

a first transmitting means for transmitting authentication information that 

authenticates a party in question according to comparison results from said comparing 

means to the aforementioned service device. 
[0007] Furthermore, the aforementioned information regarding the authentication is 

characterized in that it is ID information of a user or personal attributes of a user. 
[0008] Furthermore, the aforementioned first receiving means is characterized in that it 

receives information regarding the services provided by the service device, and further 

comprises an authentication selecting means for selecting an authentication level 

according to the information regarding said services. 
[0009] Furthermore, the aforementioned authentication selecting means compares the 

past service provision history with services to be provided at present and selects the 

authentication level based on a result of that comparison. 
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[0010] Furthermore, the aforementioned authentication selecting means is characterized 

in that it selects an authentication level based on at least any one of cost of service, 
service provision region, service provision frequency and a total sum of money for 
service provided. 

[0011] Furthermore, in order to achieve the aforementioned object, the mobile 

communication device as set forth in the present invention is characterized in that it 
comprises: 

a third receiving means for receiving, from the host computer, request information 
that requests information regarding authentication; 

a first storage means for storing information regarding authentication; and 
a third transmitting means for transmitting information regarding authentication, 
stored in said first storage means, to the aforementioned host computer, in response to the 
reception of request information by the aforementioned third receiving means. 

[0012] Furthermore, it is characterized in that it has a fourth transmitting means for 

transmitting information regarding authentication to the service device. 

[0013] Furthermore, the aforementioned third transmitting means is characterized in that 

it selectively transmits, to the aforementioned host computer, the type of information 
regarding authentication requested by the aforementioned request information. 

[0014] Furthermore, the function of the mobile communication device as set forth in the 

present invention can be also achieved by causing a computer to execute a program, and 
such a program can be loaded on a recording medium that can be read by a computer. 

[0015] A method of authenticating by using the host computer and the mobile 

communication device as set forth in the present invention (hereinafter termed "the 
authentication method as set forth in the present invention") is based on both the 
communications between the first communication terminal built into the service device 
and the host computer, and the communications between the host computer and the 
mobile communication device (the second communication terminal). Higher reliability of 
authentication can be achieved thereby. In this way, when various kinds of products and 
services are provided, appropriate authentication processing can be achieved while 
guaranteeing maximum convenience for the customer. 

[0016] Furthermore, in the authentication method as set forth in the present invention, in 

the communication between the host computer and the mobile communication device (the 
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second communication terminal), the user may be asked for his ID information 
(identification information) or information regarding the personal attributes of the user, 
and authentication may be performed based on the response thereto. 
[001 7] Furthermore, in the service device as set forth in the present invention, a card 

reader for reading the information from the storage medium whereon the user's ID 
information is stored is further provided, and the service device can read the ID 
information of the storage medium, and the authentication method as set forth in the 
present invention is such that the first communication terminal transmits the ED 
information read by the card reader to the host computer, and the host computer notifies 
the mobile communication device (the second communication terminal) of the ID 
information based on this information and confirms the response of the mobile 
communication device (the second communication terminal) thereto. In this way, 
convenience and reliability can be increased, while using a conventional storage medium 
is used. 

[0018] Furthermore, in the authentication method as set forth in the present invention, 

and in addition, in the communication between the host computer and the mobile 
communication device (the second communication terminal), the identifiable 
communication information between the first communication terminal and the mobile 
communication device (the second communication terminal) is notified to the mobile 
communication device, and this information is confirmed by comparison with the 
information necessary for authenticating a communication history, a control transfer 
history, or the like and the authentication is performed based on the confirmation result 
thereof. This enables a further increase in the reliability of authentication. 

[0019] Furthermore, in the authentication method as set forth in the present invention, a 

plurality of authentication levels, and a control transfer permission condition relating to 
each authentication level, are stored in advance in the second storage means of the host 
computer or the third storage means of the service device so that an authentication level 
can be selected according to the object of the authentication when the user desires the 
authentication of the party in question. That is, the authentication level can be selected by 
comparing the past service provision history with the services to be provided at present. 

[0020] Furthermore, in the authentication method as set forth in the present invention, 

when the object of the authentication is to purchase products, the products are compared 
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with the price for the products and the past product purchase history, and the 
authentication level is selected based on the result of the comparison. Increased 
convenience can be achieved thereby. 
[0021] Furthermore, in the present invention, the host computer may automatically 

analyze trends in product purchasing by the user and compare the analysis result with said 
products. 

[0022] Furthermore, in the authentication method as set forth in the present invention, 

when the object of the authentication is to purchase a product, the authentication level can 
be selected based on at least any one of cost of service, service provision region, service 
provision frequency and a total sum of money for the service provided. Increased 
convenience can be achieved thereby. 

[0023] Furthermore, in the present invention, the service device may be equipment 

capable of providing a product to the user and may provide the product after confirming a 
billing process for the user after the authentication of the person in question. 

[0024] Furthermore, in the authentication method set forth in the present invention, the 

first communication terminal and the host computer are connected by a mobile 
communication line, and the host computer and the mobile communication device (the 
second communication terminal) are connected by the mobile communication line. The 
degree of freedom in the installation location, etc. of the first communication terminal is 
increased thereby. 

[0025] Furthermore, in the authentication method set forth in the present invention, the 

first communication terminal and the host computer are connected by a fixed line, and the 
host computer and the mobile communication device (the second communication 
terminal) are connected by a mobile communication line. The communication reliability 
of the first communication terminal is increased thereby. 

[0026] Furthermore, in the authentication method as set forth in the present invention, 

when a line condition is not good between the mobile communication device (the second 
communication terminal) and the host computer, communication that should be 
performed between the mobile communication device (the second communication 
terminal) and the host computer is executed between the first communication terminal 
and the host computer. Line problems can be handled easily thereby. 
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[0027] The descriptions in the specification and/or the drawings of Japanese Patent 

Application 2000-193957, which is the foundation for the priority of the present patent 
application, are incorporated [by reference] into the present specification. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0028] FIG. 1 is a block diagram illustrating the structure of a first embodiment of an 

authentication system as set forth in the present invention; 
[0029] FIG. 2 is a block diagram illustrating the structure of a second embodiment of an 

authentication system as set forth in the present invention; 
[0030] FIG. 3 is a block diagram illustrating the structure of a third embodiment of an 

authentication system as set forth in the present invention; 
[0031] FIG. 4 is a block diagram illustrating the structure of a fourth embodiment of an 

authentication system as set forth in the present invention; 
[0032] FIG. 5 is a diagram illustrating modified examples of the structures of the first and 

second communication terminals in the authentication system of FIG. 3; 
[0033] FIG. 6 is a flow chart illustrating the overall flow in an authentication system as 

set forth in the present invention; and 
[0034] FIG. 7 is a flow chart illustrating the flow of adjustment of the authentication level 

in an authentication system as set forth in the present invention. 

BEST MODE FOR CARRYING OUT THE INVENTION 

[0035] Next, embodiments of authentication systems constituted using a host computer, a 

mobile communication device, a program, and a recording medium as set forth in the 
present invention (hereinafter termed "the authentication system as set forth in the present 
invention") will be described based on the drawings. 

[0036] FIG. 1 illustrates a structure of a first embodiment of an authentication system as 

set forth in the present invention, illustrating an authentication system having a card 
reader system CRS for reading a storage medium CC for storing user ID information, 
such as a credit card. A card reader CR is connected to the card reader system CRS 
(service device), and the first communication terminal PD1 (in this case, for mobile 
communication) of a built-in type (embedded type) is incorporated into the card reader 
system CRS, and the user (customer) can communicate with a host computer HC of an 
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authentication control company BS through the first communication terminal PD1. The 
authentication control company BS is, for example, a communication service company, 
and performs the authentication control for a plurality of product supplier companies SP1 
to SP3 (and while three companies are shown in the drawing, the [actual] number is 
discretionary) according to product purchasing statuses in the card reader system CRS 
(service device). The product supplier companies SP1 to SP3 include not only service 
providing companies that provide services such as credit services, cash services, and the 
like, but also product supplier companies that provide various products, as shown in 
Table 1, via the Internet and, additionally, include financial institutions, securities 
companies, real estate companies, mass communication-related companies such as 
satellite broadcasting, cable television, newspapers, radio broadcasting, publishing and 
the like, and so forth. 

[0037] Here, for convenience , processing devices of the product supplier companies SP1 

to SP3 are also designated as SP1 to SP3. These processing devices SP1 to SP3 are 
connected to a host computer HC of the authentication control company BS via a public 
communication line or dedicated line. 



TABLE 1: Examples of Provided Products 



Provided Products 


Internet Contents 


Product information, corporate information 
and other information provision services 


Music distribution services 


Book distribution services 


Game distribution services 


Services for providing image information 
such as photographs, paintings and the like 


Internet mall, shopping channel 


Various kinds of products, monetary notes 


Finance 


Internet banking 


Securities 


Brokerage of securities trading 


Real estate 


Brokerage of real estate trading 
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Provided Products 


Mass Communication 


Satellite broadcasting, cable television 


Newspapers, publication 


Radio 



[0038] The host computer HC comprises: a first receiving means for receiving the query 

information for requesting an authentication of the person in question from the service 
device; a second transmitting means for transmitting request information for requesting 
information regarding authentication to a mobile communication device PD2 (the second 
communication terminal; in this case, a portable telephone) in response to the reception of 
the query information by the first receiving means; a second storage means MEM2 for 
storing the information regarding the authentication of a plurality of persons; a second 
receiving means for receiving information regarding authentication from the mobile 
communication device (the second communication terminal); the comparison means for 
comparing information regarding authentication received by the second receiving means 
with information regarding authentication stored in the second storage means MEM2; and 
a first transmitting means for transmitting authentication information for authenticating 
the person in question to the service device according to the result of comparison by the 
comparison means. 

[0039] Furthermore, the mobile communication device (the second communication 

terminal) PD2 comprises: a third receiving means for receiving the request information 
for requesting information regarding authentication from the host computer HC; a first 
storage means MEM1 for storing information regarding authentication; and a third 
transmitting means for transmitting information regarding authentication stored in the 
first storage means MEM1 to the host computer HC in response to the reception of 
request information by the third receiving means. 

[0040] An authentication method using a host computer HC and a mobile communication 

device (the second communication terminal) PD2 will be described next. 

[0041] First, query information for requesting the authentication of the party in question 

is transmitted from a first communication terminal PD1 of the service device (card reader 
system) CRS to a host computer HC. 
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[0042] When the host computer HC receives query information, for requesting the 

authentication of the party in question, from the first communication terminal PD1 
through a first receiving means, [this host computer HC] transmits request information, 
for requesting information regarding authentication, to a mobile communication device (a 
second communication terminal) PD2 through a second transmitting means in response to 
the reception of the query information by the first transmitting means. 

[0043] When the mobile communication device (the second communication terminal) 

PD2 receives request information, for requesting information regarding authentication 
from the host computer HC, through a third receiving means, [the mobile communication 
device (the second communication terminal) PD2] transmits information regarding 
authentication, which is stored in the first storage means MEM1, to the host computer HC 
through the third transmitting means in response to the reception of request information 
by the third receiving means. 

[0044] When the host computer HC receives the information regarding authentication 

from the mobile communication device (the second communication terminal) PD2 
through the second receiving means, [the host computer HC] compares the information 
regarding authentication received by the second receiving means with information 
regarding authentication stored in second storage means MEM2 through the use of 
comparing means, and transmits authentication information for authenticating the party in 
question to the first communication terminal PD1 of the service device (card reader 
system) CRS, through the first transmitting means, according to the query result. 

[0045] While conventionally a signature by the user has been required when executing an 

authentication procedure as to whether or not the use of a storage medium CC is legal, in 
the present embodiment, in order to reduce the load on the user and to speed up 
authentication processing, when the use of the CC storage medium is communicated as 
the query information to the host computer HC from the card reader system CRS, the host 
computer HC of the authentication control company BS communicates with the second 
communication terminal PD2 (mobile communication device, portable telephone) owned 
by the user and requests information regarding authentication (sends request information). 

[0046] The second communication terminal PD2 is provided with the storage means 

MEM1 for storing the user ID information, and, in response to the request from the host 
computer HC, the user ID information (information regarding authentication) is read from 
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the first storage means MEM1 and sent back to the host computer HC. When the host 
computer HC receives the user ED information from PD2, [the host computer HC] 
compares the ID information with information regarding authentication stored in second 
storage means MEM2 through the use of comparing means. If the use of the storage 
medium CC is legal, the authentication of the party in question is established and the 
reliability of the authentication can be increased thereby. 

[0047] Conversely, the host computer HC accumulates in advance, in the second storing 

means MEM2, information regarding the personal attributes of the user, and asks a 
question regarding the personal attributes of the user to the second communication 
terminal PD2. The host computer HC can confirm that the use of the storage medium CC 
by the user is legal when the user operates the second communication terminal PD2 to 
answer the question to the host computer HC and the answer (information regarding the 
personal attributes) is correct. Furthermore, the second communication terminal PD2 can 
also transmit information selectively, to the host computer HC, regarding the type of the 
authentication requested by request information from the host computer HC. 

[0048] To a user skilled in operating the second communication terminal (portable 

telephone) PD2, an authentication process using the second communication terminal PD2 
is extremely simple when compared to the inputting of the signature. Furthermore, the 
confirmation of the second communication terminal PD2 in addition to the ID 
information of the storage medium CC can increase the reliability of the authentication 
remarkably. 

[0049] When the authentication of the party in question is completed in the host computer 

HC, the authentication information is transmitted to the first communication terminal PD1 
from the host computer HC. The notification of this authentication is performed by 
transmitting a specific authentication code or the like. 

[0050] Furthermore, the mobile communication device (the second communication 

terminal) PD2 comprises a fourth transmitting means for transmitting information 
regarding authentication to the service device and the convenience and reliability of 
authentication can be increased even more through the addition, to the conditions of the 
authentication, of communication between the first communication terminal PD1 and the 
second communication terminal PD2. For example, the user ID information and other 
information are transmitted from the second communication terminal PD2 to the first 
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communication terminal PD1, and the first communication terminal PD1 transmits, to the 
host computer HC, this information, which was sent from the second communication 
terminal PD2, together with the ID information of the storage medium CC. The host 
computer HC is provided with second storage means MEM2, where this second storage 
means MEM2 stores a correspondence relationship (any information regarding the 
communication history or the control transfer history the individual user using the card 
reader system CRS) between the user ID information and the second communication 
terminal PD2 of the user, and, based on this correspondence relationship, the host 
computer HC transmits the ID information of the aforementioned storage medium CC and 
information regarding the correspondence relationship to the second communication 
terminal PD2. The second communication terminal PD2 compares this information 
transmitted from the host computer HC with the communication history, the control 
transfer history were the like stored, in the first storage portion MEM1 of the second 
communication terminal PD2, and, if there is a match, a reply to that effect is returned to 
the host computer HC. 

[0051] As described above, in the present embodiments, various types of authentication 

procedures can be used, by determining a reference for selecting the authentication 
procedure according to the purpose of the authentication, to achieve optimal convenience 
and reliability. For example, when the purpose of the authentication is to purchase a 
product, the authentication level can be set by the price thereof as shown in Table 2, and 
the authentication procedure for this can be set as shown by Table 3. 

TABLE 2: Examples of the authentication levels 
Authentication Level 1 

The price of the product is equal to or less than a first specific value. The first specific value 
is, for example, ¥5,000. 

Authentication Level 2 

The price of the product is more than the first specific value and is equal to or less than a 
second specific value. The second specific value is, for example, ¥10,000. 

Authentication Level 3 

The price of the product is more than the second specific value. 
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TABLE 3: Examples of control transfer permissions 
Authentication Level 1 

It is unconditionally authenticated. However, confirmation after the fact is made regarding 
the second communication terminal. 

Authentication Level 2 

Authentication control company BS makes a prior confirmation regarding the second 
communication terminal PD2 about product purchases. 

Authentication Level 3 

Authentication control company BS makes a prior confirmation regarding the first 
communication terminal PD1 and the second communication terminal PD2 about product 
purchases. 



[0052] That is, when the price of the product is equal to or less than the first specific 

value, there is unconditional authentication as authentication level L However, a 
confirmation after the fact is made regarding the second communication terminal PD2. 
When the price of the product is more than the first specific value and is equal to or less 
than the second specific value, the authentication control company BS makes a prior 
confirmation about the purchase of the product regarding the second communication 
terminal PD2, as authentication level 2. When the price of the product is more than the 
second specific value, the authentication control company BS makes a prior confirmation 
about the purchase of the product regarding the first communication terminal PD1 and the 
second communication terminal PD2, as authentication level 3. 

[0053] The first receiving means of the host computer HC is provided with authentication 

selecting means for receiving information regarding the services provided from the 
service device and selecting the authentication level according to this information 
regarding the services, enabling the authentication procedure to be changed according to 
the authentication level. That is, the host computer HC stores the authentication levels 
and the authentication procedures in the second storage means MEM2, and when query 
information for requesting the authentication of the party in question and information 
regarding the services are received from the first communication terminal PD1 through 
the first receiving means, the host computer HC selects the query level according to 
information regarding the services, referencing the second storage means MEM2, through 
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the use of the authentication selection means. After that, in order to perform the 
authentication procedure based on the authentication level, either request information for 
requesting information regarding authentication is sent to the mobile communication 
device (the second communication terminal) through the second transmitting means for a 
prior confirmation, or a confirmation is performed after the fact. In the case of the prior 
confirmation, authentication information for authenticating the party in question 
according to the comparison result is sent to the first communication terminal PD1 of the 
service device (card reader system) CRS through the first transmitting means. 

[0054] When the authentication by the host computer HC is not necessary, such as in the 

process for authentication level 1, storing the authentication levels and the authentication 
procedure in the third storage means MEM3 of the first communication terminal PD1 in 
advance, enables the first communication terminal PD1, that is, the card reader system 
CRS (service device), to provide the product to the user without waiting for the reception 
of an authentication code from the host computer HC, if it is confirmed that the price of 
the product is equal to or less than the first specific value. However, a confirmation after 
the fact is a made regarding the second communication terminal and, after the fact, the 
product supplying company SP is notified to that effect via the host computer HC. 

[0055] FIG. 2 illustrates a second embodiment, wherein the first communication terminal 

Tl of a fixed line is used in place of the first communication terminal PD1 (for mobile 
communication) of the first embodiment. The first communication terminal Tl is built 
into the card reader system CRS (service device). The other constituent components are 
identical to those of the first embodiment, so descriptions thereof will be omitted. The 
aforementioned structure enables the application of the authentication system of the 
present invention, even in cases where the status of the mobile communication line in the 
location of installation of the service device is not good. 

[0056] When the first communication terminal Tl of the fixed line is used, the 

authentication procedure by the communication between the second communication 
terminal PD2 and the host computer HC can be also executed by the communication 
between the first communication terminal Tl and the host computer HC. This is effective 
when the line status of the second communication terminal is bad. 

[0057] FIG. 3 illustrates a third embodiment for authentication in a television TV (service 

device) that can connect to the Internet. A first communication terminal PD1 (in this case, 
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for the mobile communication) of a built-in type (embedded type) is built into the 
television TV, where the television TV can communicate with the authentication control 
company BS via the first communication terminal PD1. 

[0058] The owner or the manager of the service device TV can access a variety of 

product supplier companies by a specific authentication procedure using the first 
communication terminal PD1, and the use of the video display functions and distribution 
functions of the television reduces limitations on the products that can be traded, 
remarkably invigorating economic activities. 

[0059] Furthermore, if the use of television TV by a large number of unspecified 

customers is enabled, a broad range of customers' needs can be handled, thus invigorating 
economic activities even further. However, in this case, it is necessary to perform billing 
appropriately for customers who used the television TV (service device), and there is a 
concern that the authentication and the billing procedure of the individual customers may 
become complicated. 

[0060] Additionally, in the present embodiment, when the charges for the purchase of 

products are to be borne by individual customers, a "control transfer mode" can be set up 
wherein control regarding charges is transferred to the customer's side. When the "control 
transfer mode" is set up, a plurality of customers perform payment processes after they 
have been authenticated, making it impossible for the owner or the manager of the service 
device to be charged. 

[0061] The customer (not shown) calls a first communication terminal PD1 (used by a 

plurality of customers) from a second communication terminal PD2 (a mobile 
communication device, in this case, a portable telephone) owned by the customer, and 
inputs a specific code (a number, a code, or the like), so that the service device TV can be 
used for the purpose of the billing of the customer. Guaranteeing the customer to be a 
legal through the authentication of the second communication terminal PD2 in this way 
enables customer authentication such that the second communication terminal PD2 itself 
is taken as the ID information, enabling appropriate billing to be performed. Additionally, 
customer authentication operations are relatively simple, not compromising convenience. 

[0062] At this time, information regarding billing is sent from the first communication 

terminal PD1 to the host computer HC of the authentication control company BS. 
Accordingly, regardless of whether or not the "control transfer mode" is used, 
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information regarding billing may be transmitted together with information regarding 
authentication, and it is not necessary to change the form of the transmission for billing 
information on the service device TV. 
[0063] When a specific "condition" is satisfied, the authentication control company BS 

permits the supply of a product by confirming the customer billing process customer. The 
authentication levels and conditions are the same as those of the embodiment described 
above. 

[0064] Although the authentication levels in Table 2 are set by the prices of the product 

alone, they can be adjusted based on the history of products purchased from the second 
communication terminal PD2, as shown in Table 4. 

TABLE 4: Example of adjustments of authentication levels. 
Authentication Level not modified 

(1) When the product purchase history of the second communication terminal PD2 recorded 
at the authentication control company BS is less than a specific value. The specific value is 
set by comprehensively judging the number of purchase times and the purchase amount of 
money. 

(2) When the product purchase history of the second communication terminal PD2 recorded 
in the first communication terminal PD1 is less than a specific value. As with (1), the specific 
value is set by comprehensively determining the number of purchases and the amount of 
purchases. 

Authentication Level lowered by 1 . 

(1) When the product purchase history of the second community terminal PD2 recorded in 
the authentication control company BS is more than a specific value. 

(2) When the product purchase history of the second communication terminal PD2 recorded 
in the first communication terminal PD1 is more than a specific value. 



[0065] In the evaluation of the purchase history in Table 4, if for example, the purchase 

amount of money of ¥100,000 is taken as the specific value of the purchase history as the 
condition for legal use, a comprehensive evaluation is made, such as calculating 10 
purchases as being equivalent to ¥10,000 of purchases, and adding this to the purchase 
history, even if the purchase amount of money is less than ¥100,000. 

[0066] Furthermore, the authentication level may be selected by comparing the past 

service provision history with the services to be provided at present, or the authentication 
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level may be selected based on at least anyone of the cost of services, service provision 
area, service provision frequency and the total sum of money for the services provided. 

[0067] As described above, appropriately simplifying the authentication procedure 

according to the authentication level can remarkably increase the convenience of the 
service device regarding the product provision. 

[0068] Note that other parameters, for example, the geographic area of the first 

communication terminal, the first communication terminal itself, the type of product, or 
the like, may also be used for setting and adjusting the authentication levels. 

[0069] Moreover, in the host computer HC, automatic analysis of product purchasing 

trends by the user may be used to lower the authentication level for a purchase of a 
product conforming to the analysis result, and to raise (increase the strictness of) the 
authentication level for the purchase of a product deviating from past trends. 

[0070] FIG. 4 illustrates a fourth embodiment wherein a first communication terminal Tl 

of a fixed line is used in place of the first communication terminal PD1 (for the mobile 
communication) in the third embodiment. The other constituent components are identical 
to those of the third embodiment, so descriptions thereof will be omitted. The 
aforementioned structure enables the application of the billing system of the present 
invention, even if the status of the mobile communication line in the location of 
installation of the service device is not good. Note that a structure can be used wherein 
the service device TV is used as the first communication terminal Tl and a telephone TV 
[sic] (Tl) with a fixed line is used. 

[0071] FIG. 5 illustrates a modified example of the structure of a first communication 

terminal (for mobile communication) PD1 and a second mobile communication terminal 
(mobile communication device, portable telephone) PD2 in the third embodiment. Label 
tags TGI, TG2 are built into the first and second mobile communication terminals PD1, 
PD2, respectively, and these label tags send unique signals of the first and second 
communication terminals PD1, PD2. The signals of label tags TGI, TG2 are received 
respectively by the antennas of the first and second communication terminals PD1, PD2 
and, when both are detected by each other, the service device TV transmits billing 
information as billing for the second communication terminal PD2 to the authentication 
control company BS. That is, the first and second communication terminals PD1, PD2 
operate as non-contact sensors and detect the electrical indexes issued by label tags TGI, 
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TG2. The automatic detection of PD1 and PD2 by each other in this way eliminates the 
necessity of performing cumbersome operations such as calling the first communication 
terminal PD1 from the second communication terminal PD2 and inputting a code. 

[0072] Obviously, radio communications by Bluetooth standards can be used in place of 

the communications by label tags. Additionally, the authentication control company BS 
may be the same as the product supplier company, simplifying the authentication system. 

[0073] FIG. 6 is a flowchart illustrating one example of the overall flow of the 

authentication system based on the control transfer request. Here, the adjustment of the 
authentication level shown in Table 4 is not performed, and a process is shown wherein 
only the conditions of Table 2 and Table 3 are used. 

[0074] First, an operation wherein the second communication terminal PD2 calls the first 

communication terminal PD1, or the like, and determines whether or not a request for the 
control transfer has been made (Step S41), and the process is terminated if no request has 
been made. 

[0075] If a request for control transfer has been made, the request details, namely, the 

product to be purchased, the prices thereof, and the like, and information regarding 
authentication such as the ID information regarding billing of the customer, and the like, 
are transmitted from the second communication terminal PD2 to the authentication 
control company BS (Step S42). In the first communication terminal, a determination is 
made, from the product prices and based on Table 2 and Table 3, whether or not the 
prices are of a low level not requiring an approval from the authentication control 
company BS, where if the approval is not required, the product is provided immediately 
(Step S45). If the approval is required, the product is provided (Step S45) when the 
approval from the authentication control company BS is granted (Step S44), and if the 
approval is not granted, a declined notification is provided to the second communication 
terminal PD2 (Step S46). 

[0076] After the product is provided, a determination is made based on the 

Authentication Level 1 in Table 3 as to whether or not a confirmation is required after the 
fact (Step S47), and if confirmation is required after the fact, information regarding the 
purchase of the product, and the like, is sent from the authentication control company BS 
to the second communication terminal PD2, or the like (Step S48). 
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[0077] FIG. 7 is a flowchart illustrating the process flow in an authentication system that 

performs the adjustment of authentication levels shown in Table 4. 

[0078] First, an operation wherein the second communication terminal PD2 calls the first 

communication terminal PD1, or the like, to determine whether or not a request for 
control transfer has been made (Step S51), and the process is terminated if no request has 
been made. 

[0079] If a request for control transfer has been made, a tentative evaluation of the 

authentication level is made based on the prices of the product to be purchased and based 
on Table 2 (Step S52). Here the request details, namely, the product to be purchased, the 
price thereof, and the like, and information regarding authentication such as the ID 
information regarding billing of the customer, and the like, are transmitted from the 
second communication terminal PD2 to the authentication control company BS (Step 53). 
Next, in the first communication terminal, a determination is made based on the product 
price as to whether or not the product is of a low level that does not require the approval 
of the authentication control company BS, and if approval is not required, the product is 
provided immediately (Step S58). If the approval is required, it is determined whether 
adjustment of the authentication level is required or not based on Table 4 in the 
authentication control company BS, and if adjustment is required, the process returns to 
Step S54 after the adjustment of the authentication level. If adjustment is not required or 
has become unnecessary because of adjustment of the authentication level, the process 
advances to the decision (Step S57) as to whether the authentication is approved or not in 
the authentication control company BS. 

[0080] If the approval is granted in Step S57, the product is provided (Step S58), but if 

the approval is not granted, the second communication terminal PD2 is notified that the 
approval is declined (Step S59). 

[0081] After a product is provided, as with Authentication Level 3, a determination is 

made as to whether or not a confirmation is required after the fact (Step S60), and if 
confirmation is required after the fact, information regarding the purchase of the product, 
or the like, is sent from the authentication control company BS to the second 
communication terminal PD2 (Step S61). 

[0082] Obviously, the control transfer for billing can be applied to any service device 

using any communication terminal other than the television TV. 
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[0083] The mobile communication device of the present invention is also embodied by a 

program that causes a computer to function as the present mobile communication device. 
This program may be stored on a recording medium capable of being read by a computer. 

[0084] The recording medium that stores this program may be the first storage means 

MEM1 itself, shown in FIG. 1, or a CD-ROM, or the like, wherein a program reading unit 
such as the CD-ROM drive, or the like, is provided as the external storage unit, where the 
CD-ROM can be read thereby through the insertion of the recording medium. 

[0085] Furthermore, the aforementioned recording medium may be a magnetic tape, a 

cassette tape, a floppy disc, a hard disc, MO/MD/DVD, or the like, or a semiconductor 
memory. 

INDUSTRIAL APPLICABILITY 

[0086] The present invention enables the provision of an authentication system that can 

provide an appropriate authentication process while guaranteeing the maximum 
convenience for the customer, when various kinds of products and services are provided, 
as well as a host computer, mobile communication device, program and recording 
medium for use in said authentication system. 
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